Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Log and drop only the messages that have matching filetypes:

Find messages with very large “To” headers. 

Use the 

archive()

 line for verification of proper action, with drop() enabled or disabled for extra safety:

Identify blank “From” headers, 

This filter can alleviate various forms of blank “from” addresses:

drop_attachments: 

if (mail-from != "user@example.com") AND (attachment-filename ==

'(?i)\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$')

{

  archive("Drop_Attachments");

  insert-header("X-Filter", "Dropped by: $FilterName MID: $MID"); 

drop-attachments-by-name("\\.(asp|bas|bat|cmd|cpl|exe|hta|ins|isp|js)$");

}

toTooBig: 

if(header('To') == "^.{500,}") { 

   archive('tooTooBigdropped'); 

   drop(); 

} 

blank_mail_from_stop: 

if (recv-listener == "InboundMail" AND header("From") == "^$|<\\s*>") { 

  drop (); 

}